Lucene search
CitrixGateway Firmware

14 matches found

CVE
added 2019/12/27 1:06 p.m., 2542 views

CVE-2019-19781

CVE-2019-19781 affects Citrix ADC (formerly NetScaler) and Citrix Gateway/SD-WAN WANOP appliances. The issue is a path traversal flaw in the ADC/Gateway stack that could enable remote code execution. Exploitation was discussed publicly with advisories and mitigations; Citrix released fixes and mi...

CVSS 9.8, AI score 9.8, EPSS 0.94442
In wild
CVE
added 2020/07/10 3:38 p.m., 1105 views

CVE-2020-8193

CVE-2020-8193 affects Citrix ADC and Citrix Gateway (and Citrix SD-WAN WANOP) with unauthenticated access to certain endpoints due to improper access control. Affected releases include Citrix ADC/Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, 10.5-70.18 and WAN-OP version...

CVSS 6.5, AI score 6.5, EPSS 0.94394
In wild
CVE
added 2020/07/10 3:39 p.m., 1058 views

CVE-2020-8195

CVE-2020-8195 involves improper input validation in Citrix ADC and Citrix Gateway (and Citrix SD-WAN WAN-OP) prior to version 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, plus WAN-OP 11.1.1a/11.0.3d/10.2.7. It results in limited information disclosure to low-privileged users. T...

CVSS 6.5, AI score 6.2, EPSS 0.71723
In wild
CVE
added 2020/07/10 3:39 p.m., 1056 views

CVE-2020-8196

CVE-2020-8196 is an information-disclosure vulnerability in Citrix ADC/Gateway and Citrix SD-WAN WANOP where improper access control allows limited data exposure to low-privilege users. Affected versions include Citrix ADC/Gateway prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-...

CVSS 4.3, AI score 5, EPSS 0.68113
In wild
CVE
added 2022/12/13 12:00 a.m., 777 views

CVE-2022-27518

CVE-2022-27518 affects Citrix ADC and Citrix Gateway when configured as a SAML SP or SAML IdP. The vulnerability allows unauthenticated remote arbitrary code execution. Citrix’s security bulletin CTX474995 lists affected versions: ADC/Gateway 13.0 before 13.0-58.32; 12.1 before 12.1-65.25; 12.1-F...

CVSS 9.8, AI score 9.8, EPSS 0.27687
In wild
CVE
added 2020/07/10 3:38 p.m., 178 views

CVE-2020-8194

CVE-2020-8194 affects Citrix ADC and Citrix NetScaler Gateway (and Citrix SD-WAN WANOP family) with a remote code injection flaw described as reflected code injection. Affected versions include Citrix ADC/NetScaler Gateway before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, and...

CVSS 6.5, AI score 6.8, EPSS 0.81139
In wild
CVE
added 2020/03/06 8:33 p.m., 151 views

CVE-2020-10112

CVE-2020-10112 affects Citrix Gateway (Citrix ADC) versions 11.1, 12.0, 12.1, where a cache poisoning issue is described as involving the caching system that stores dynamic content for a static period under specific URL paths used by Citrix Gateway. The root cause is the way the gateway caches co...

CVSS 5.8, AI score 5.5, EPSS 0.00501
Web
CVE
added 2020/03/06 8:32 p.m., 150 views

CVE-2020-10110

Citrix Gateway versions 11.1, 12.0 and 12.1 are referenced as affected by an Information Exposure Through Caching issue. The Red Hat/CVE and other connected records describe the vulnerability as exposure via cache headers, specifically the Via and Age headers, used in proxy caching, with Citrix d...

CVSS 5.3, AI score 5.1, EPSS 0.00586
CVE
added 2020/03/06 8:33 p.m., 150 views

CVE-2020-10111

CVE-2020-10111 affects Citrix Gateway 11.1, 12.0, and 12.1 with Inconsistent Interpretation of HTTP Requests (CWE-444). The issue relates to caching of HTTP/1.1 traffic by Citrix ADC for performance, with Citrix disputing it as a security issue. Several advisories/feeds describe a cache bypass vu...

CVSS 7.5, AI score 7.5, EPSS 0.00501
Web
CVE
added 2019/10/21 5:09 p.m., 116 views

CVE-2019-18225

CVE-2019-18225 affects Citrix ADC (NetScaler ADC) and Citrix Gateway via the management interface authentication bypass. Affected products/versions include Citrix ADC/Gateway 13.0 before build 41.28; 12.1 before 54.16; 12.0 before 62.10; 11.1 before 63.9; 10.5 before 70.8. The issue allows an att...

CVSS 9.8, AI score 9.4, EPSS 0.002
CVE
added 2020/07/10 3:38 p.m., 87 views

CVE-2020-8191

CVE-2020-8191 concerns Citrix ADC and Citrix Gateway (and related WAN-OP components) with a reflected Cross-Site Scripting (XSS) vulnerability caused by improper input validation. Affected versions include Citrix ADC and Citrix Gateway before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10....

CVSS 6.1, AI score 6.2, EPSS 0.91043
In wild
CVE
added 2020/07/10 3:32 p.m., 72 views

CVE-2020-8190

CVE-2020-8190 is a local elevation of privileges vulnerability in Citrix ADC and Citrix Gateway (and implicated Citrix SD-WAN WANOP appliances) caused by incorrect file permissions. It requires an authenticated user on the NSIP to exploit and can lead to privilege escalation within the device co...

CVSS 7.5, AI score 8.1, EPSS 0.00268
In wild
CVE
added 2020/07/10 3:40 p.m., 70 views

CVE-2020-8197

CVE-2020-8197 affects Citrix ADC and Citrix Gateway (management interface). Vulnerable on versions 13.0-58.30 and earlier: 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18. A low-privileged user with management access can execute arbitrary commands (privilege escalation). Remediation: apply fix...

CVSS 8.8, AI score 8.9, EPSS 0.0071
In wild
CVE
added 2020/07/10 3:39 p.m., 62 views

CVE-2020-8198

CVE-2020-8198 describes improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18, and Citrix SD-WAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7, resulting in Stored Cross-Site Scripting (XSS). Connected sources...

CVSS 6.1, AI score 6.5, EPSS 0.0039
In wild